> On Oct 17, 2016, at 3:28 PM, Alex Harui <aharui@adobe.com> wrote:
>
> And what are the rules if I compiled the code on a VM in the cloud? Does
> it matter where that VM is running?
>
> Seems like folks who need TAA compliance should always work from source
> packages and compile it themselves.
+1
Apache deals in open *source*.
Convenience binaries can be built by anyone, anywhere there is a computer with an internet
connection or a postal address where a tape (!) containing sources can be delivered.
Craig
>
> -Alex
>
> On 10/17/16, 2:15 PM, "sebb" <sebbaz@gmail.com> wrote:
>
>> Note also that each individual release may have a different release
>> manager who may reside in a different country.
>> And of course people may change their country of residence.
>>
>> On 17 October 2016 at 21:00, Paul Libbrecht <paul@hoplahup.net> wrote:
>>> Why can’t you or someone at your company rebuild within the US (or
>>> anywhere
>>> else appropriate) so that this compliance is guaranteed? It is generally
>>> expected that someone else successfully building will build the same
>>> artefact, even if differences such as modification date of binary files
>>> may
>>> exist. E.g. version numbers are the same.
>>>
>>> paul
>>>
>>>
>>> On 17 Oct 2016, at 21:50, Austin, Richard (Fort Collins)
>>> <richard.austin@hpe.com> wrote:
>>>
>>> Good afternoon,
>>>
>>> I am trying to determine the Country of Origin of a lengthy list of
>>> Apache
>>> open-source projects, in order to determine whether they are in
>>> compliance
>>> with the U. S. Trade Agreements Act (TAA). (Some of our customers
>>> require
>>> this.) TAA defines the Country of Origin as the country where the
>>> software
>>> is built--where final compilation occurs. There is a LONG list of
>>> countries
>>> that are TAA-approved.
>>>
>>> One person at human-response@apache.org noted that each project is
>>> generally
>>> compiled on the local machine of the Release Manager for that specific
>>> version and then uploaded. While I can contact each project separately
>>> to
>>> ask about the build country, I was advised that it might be worth
>>> checking
>>> with Apache Legal Affairs, in case a compilation of this information
>>> already
>>> exists. (It seems very likely that other groups needing TAA compliance
>>> would have already been asking Apache about this.)
>>>
>>> Do you know of any centralized source of Country of Origin information
>>> for
>>> Apache projects? Note that we are only looking for the country or
>>> countries--we do NOT need information on specific servers, cities, or
>>> states.
>>>
>>> Thanks very much for any information--or pointers to others who may have
>>> relevant information.
>>>
>>> Regards,
>>> Richard Austin
>>> Software Development Engineer
>>> Hewlett Packard Enterprise
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> For additional commands, e-mail: legal-discuss-help@apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
Craig L Russell
clr@apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org